Re: [Add] Fwd: New Version Notification for draft-reddy-add-resolver-info-02.txt

tirumal reddy <kondtir@gmail.com> Mon, 12 April 2021 09:45 UTC

References: <161761144355.1534.1189126958533352034@ietfa.amsl.com> <CAFpG3gc6ri4eiM-iOdUyp+BEQtqx8VA773nyv3H-Csmm3t77=A@mail.gmail.com> <194e9a5a-6ab-e77d-eb9b-7c341a02639@dotat.at> <CAFpG3gce9_B2LYUs4+TKrpa8bRQh5zsFKg8+459cwpVuOwvLEw@mail.gmail.com> <CAHbrMsDV1dYC_4jnqXZSGYJnMJQezEvCTvwyhOPji9YF3QsHQA@mail.gmail.com>
In-Reply-To: <CAHbrMsDV1dYC_4jnqXZSGYJnMJQezEvCTvwyhOPji9YF3QsHQA@mail.gmail.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Mon, 12 Apr 2021 15:14:47 +0530
Message-ID: <CAFpG3gd+qbCwHKe5_oyQan_vi2_vJekLxCSr1QTBV2EbLC4RWw@mail.gmail.com>
To: Ben Schwartz <bemasc@google.com>
Cc: Tony Finch <dot@dotat.at>, ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/RgMxGca9WrXxLM50coQfDBLJHUg>
List-Id: Applications Doing DNS <add.ietf.org>

On Thu, 8 Apr 2021 at 20:55, Ben Schwartz <bemasc@google.com> wrote:

>
>
> On Thu, Apr 8, 2021 at 5:40 AM tirumal reddy <kondtir@gmail.com> wrote:
> ..
>
>> For example, if the special use domain name "resolver.arpa" is used to
>> discover the Encrypted DNS server, the client can first query the resolver
>> for SVCB records for "dns://resolver.arpa" to get the fully-qualified
>> TargetName and then retrieve the resolver information using the RESINFO
>> RRtype, QNAME of the TargetName.
>>
>
> I don't think this is a good design.  It does not add security, and having
> multiple places to look for RESINFO records seems likely to add complexity
> and reduce interoperability.
>

The SVCB lookup is mandatory for SUDN ("resolver.arpa") to get the
designated resolver name (see
https://tools.ietf.org/html/draft-ietf-add-ddr-00#section-4). The client
can use the discovered designated resolver name to look for a RESINFO
record after the encrypted connection is established.

Please clarify what change you are proposing to the draft.


>
>> The DNS resolver information can be retrieved after the encrypted
>> connection is established to the DNS server
>>
>
> This seems like a much better approach.
>
> Of course, if the resolver is known by name (resolver.example), then it
> can simply publish a RESINFO record on that name.
>

Yes.

-Tiru
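The two-step client flow discussed in this thread (mandatory SVCB lookup on the special-use domain name to learn the designated resolver's TargetName, then a RESINFO query for that name only once the encrypted connection is up) and the shortcut Ben mentions (a resolver known by name publishes RESINFO directly on that name) are sketched below as an added, constructed example. It is not code from the draft or from either author; the resolver stand-ins, the zone contents, the RESINFO key/value strings and the names `dns.example.net` / `resolver.example` are all made up for illustration, and the SVCB query name is the `dns://resolver.arpa` form quoted in the thread.

```python
import ipaddress
from dataclasses import dataclass

# Query name for the special-use domain name, as quoted in the thread.
SUDN_SVCB_QNAME = "dns://resolver.arpa"
SVCB_RRTYPE = "SVCB"
RESINFO_RRTYPE = "RESINFO"


class DiscoveryError(Exception):
    """Raised when the discovery flow cannot proceed safely."""


@dataclass(frozen=True)
class SvcbRecord:
    priority: int       # SvcPriority; lowest wins
    target_name: str    # fully-qualified designated resolver name (TargetName)
    alpn: tuple         # e.g. ("dot",) or ("h2",)
    port: int


class UnencryptedResolver:
    """Stand-in for the resolver the client knows only by IP (constructed)."""

    def __init__(self, ip, svcb_zone):
        self.ip = ipaddress.ip_address(ip)
        self._svcb = svcb_zone

    def query(self, qname, rrtype):
        # The only thing asked over the unencrypted channel is the SVCB record.
        if rrtype != SVCB_RRTYPE:
            raise DiscoveryError(f"{rrtype} is not looked up over the unencrypted channel")
        return sorted(self._svcb.get(qname, ()), key=lambda r: r.priority)


class EncryptedResolver:
    """Stand-in for the designated resolver reached over DoT/DoH (constructed)."""

    def __init__(self, name, resinfo_zone):
        self.name = name
        self._resinfo = resinfo_zone
        self.connected = False

    def connect(self):
        # Real code: TLS handshake to TargetName:port using the SVCB alpn.
        self.connected = True
        return self

    def query(self, qname, rrtype):
        # Enforce the ordering the thread agrees on: RESINFO only after the
        # encrypted connection is established.
        if not self.connected:
            raise DiscoveryError("RESINFO must only be queried after the encrypted connection is up")
        if rrtype != RESINFO_RRTYPE:
            raise DiscoveryError("only RESINFO is modelled here")
        return list(self._resinfo.get(qname, ()))


def discover_resolver_info(resolver, unencrypted, connect):
    """Return (designated_name, resinfo_values).

    `resolver` is an IP address string (the SUDN case: the SVCB lookup is
    mandatory to learn the designated name) or a hostname (the resolver is
    known by name and publishes RESINFO on that name directly).
    `connect(name, alpn, port)` must return a connected EncryptedResolver.
    """
    try:
        ipaddress.ip_address(resolver)
        known_by_ip = True
    except ValueError:
        known_by_ip = False

    if known_by_ip:
        records = unencrypted.query(SUDN_SVCB_QNAME, SVCB_RRTYPE)
        if not records:
            raise DiscoveryError("no designated resolver: SVCB lookup on the SUDN returned nothing")
        chosen = records[0]
        name = chosen.target_name
        session = connect(name, chosen.alpn, chosen.port)
    else:
        name = resolver if resolver.endswith(".") else resolver + "."
        session = connect(name, ("dot",), 853)

    # Only now, over the established encrypted session, ask for RESINFO.
    return name, session.query(name, RESINFO_RRTYPE)


# Constructed answers for the demonstration; not real resolver data.
SVCB_ZONE = {
    SUDN_SVCB_QNAME: [
        SvcbRecord(2, "backup.example.net.", ("h2",), 443),
        SvcbRecord(1, "dns.example.net.", ("dot",), 853),
    ],
}
RESINFO_ZONE = {
    "dns.example.net.": ["qnamemin", "infourl=https://dns.example.net/policy"],
    "resolver.example.": ["qnamemin"],
}


def connect_demo(name, alpn, port):
    return EncryptedResolver(name, RESINFO_ZONE).connect()


def run_demo():
    ip_case = discover_resolver_info("192.0.2.53", UnencryptedResolver("192.0.2.53", SVCB_ZONE), connect_demo)
    name_case = discover_resolver_info("resolver.example", None, connect_demo)
    return ip_case, name_case


if __name__ == "__main__":
    print(run_demo())
```

The `connected` check in `EncryptedResolver.query` is what turns the thread's ordering requirement into something a client cannot skip by accident, and the `known_by_ip` branch is the only place the unencrypted resolver is consulted at all; a resolver configured by name never touches the SUDN path.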